Managing Secrets, Keys, and Passwords
Understand how to balance security risks and operational costs when managing secrets keys and passwords in Ruby on Rails. Learn why perfect security is impossible, how to evaluate trade-offs, and choose simple, manageable solutions suited to your team's needs and risk tolerance.
We'll cover the following...
We'll cover the following...
Safeguarding sensitive data
In the first section of this course, we hand-waved over managing sensitive values that must be stored in the app’s UNIX environment in production. Let’s talk about that now.
The short answer is, of course, that it depends. The other thing to understand is that we cannot absolutely prevent unauthorized access to our secrets. No system can absolutely prevent the exfiltration of sensitive data.
All security concerns, including managing API keys and secrets, are ...